Sheet 1/4 (AUS990992US1)

FIG. 1 [drawing; labels: AUTHENTICATION SERVER, WEB APPLICATION SERVER, DNS DOMAIN 1, BROWSER]

FIG. 2 [drawing]



Sheet 2/4

FIG. 3 [flowchart; box labels in order of appearance: C INITIATES REQUEST TO VISIT URL AT S; S RECEIVES REQUEST; S SENDS NONCE AND APPLET; RETURN REQUESTED RESOURCE; C EXAMINES MIME TYPE (branch: YES); APPLET INSTALLS PLUG-IN; CALL PLUG-IN; DISPLAY LOGIN; USER ENTERS PW; CALCULATE SHARED KEY Kg; CALCULATE KEY Kc; CALCULATE MAC; C SENDS S TOKEN; S CALCULATES MAC; COMPARE MACS; COMPARE C AND S TIME; RETURN ACCESS DENIED MESSAGE; STORE AT; S OBTAINS ACT; STORE ACT; S GENERATES IDENTITY COOKIE; S RETURNS COOKIE TO C; C STORES COOKIE IN CACHE]



Sheet 3/4

FIG. 4 [flowchart; box labels in order of appearance: C REQUESTS URL; PLUG-IN RECOGNIZES URL; PLUG-IN GENERATES AUTHENTICATION TOKEN; BROWSER SENDS S THE URL, COOKIE AND TOKEN; SERVER LOCATES AT; S DETERMINES UIDc; S CALCULATES Kgc; S CALCULATES MAC; ACCESS DENIED; MACS EQUAL? (branches: NO, YES); ACCESS DENIED; STORE T; SERVER USES ACTc FOR ACD (branches: NOT ALLOWED, ALLOWED); ACCESS DENIED; INVOKE URL]



Sheet 4/4

FIG. 5 [flowchart; box labels in order of appearance: EXAMINE CLIENT STATE USING UIDc; RESPONSE (branch: NO); ACCESS DENIED; ACCESS DENIED; S REQUIRES C TO RE-LOGIN]

FIG. 6 [flowchart; box labels in order of appearance: PLUG-IN SENDS REQUEST TO B; B REDIRECTS TO S; CAN S AUTHENTICATE C?; S REDIRECTS REQUEST TO B; S SENDS B AUTH OK RESPONSE; B CREATES IDENTITY COOKIE; B SETS COOKIE]
